Sign-up

ID

VAR-201703-0181


CVE

CVE-2016-8005


TITLE

Intel Security McAfee Email Gateway Vulnerable to file extension filtering

Trust: 0.8

sources: JVNDB: JVNDB-2016-008167

DESCRIPTION

File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension. The solution offers incoming threat protection, outgoing encryption, data loss prevention, and more. There is a security vulnerability in versions earlier than Intel Security MEG 7.6.404h1128596. The vulnerability is caused by the program not recognizing the file name correctly. An attacker could exploit this vulnerability by scanning email to bypass application protection

Trust: 1.71

sources: NVD: CVE-2016-8005 // JVNDB: JVNDB-2016-008167 // VULHUB: VHN-96825

AFFECTED PRODUCTS

vendor:mcafeemodel:email gatewayscope:lteversion:7.6.401

Trust: 1.0

vendor:mcafeemodel:email gatewayscope:ltversion:7.6.404h1128596

Trust: 0.8

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.401

Trust: 0.6

sources: JVNDB: JVNDB-2016-008167 // CNNVD: CNNVD-201703-577 // NVD: CVE-2016-8005

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8005
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8005
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-577
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96825
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8005
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-96825
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8005
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-96825 // JVNDB: JVNDB-2016-008167 // CNNVD: CNNVD-201703-577 // NVD: CVE-2016-8005

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-96825 // JVNDB: JVNDB-2016-008167 // NVD: CVE-2016-8005

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-577

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201703-577

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008167

PATCH
title:SB10161url:https://kc.mcafee.com/corporate/index?page=content&id=SB10161
Trust: 0.8
title:Intel Security McAfee Email Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68396
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008167 // 
            
            
            
            CNNVD: CNNVD-201703-577

EXTERNAL IDS
db:NVDid:CVE-2016-8005
Trust: 2.5
db:MCAFEEid:SB10161
Trust: 1.7
db:JVNDBid:JVNDB-2016-008167
Trust: 0.8
db:CNNVDid:CNNVD-201703-577
Trust: 0.7
db:VULHUBid:VHN-96825
Trust: 0.1
sources:
            
            
            VULHUB: VHN-96825 // 
            
            
            
            JVNDB: JVNDB-2016-008167 // 
            
            
            
            CNNVD: CNNVD-201703-577 // 
            
            
            
            NVD: CVE-2016-8005

REFERENCES
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10161
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8005
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8005
Trust: 0.8
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10161
Trust: 0.1
sources:
            
            
            VULHUB: VHN-96825 // 
            
            
            
            JVNDB: JVNDB-2016-008167 // 
            
            
            
            CNNVD: CNNVD-201703-577 // 
            
            
            
            NVD: CVE-2016-8005

SOURCES
db:VULHUBid:VHN-96825
db:JVNDBid:JVNDB-2016-008167
db:CNNVDid:CNNVD-201703-577
db:NVDid:CVE-2016-8005

LAST UPDATE DATE
2025-04-20T23:26:09.023000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-96825date:2017-03-30T00:00:00
db:JVNDBid:JVNDB-2016-008167date:2017-04-27T00:00:00
db:CNNVDid:CNNVD-201703-577date:2017-03-16T00:00:00
db:NVDid:CVE-2016-8005date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-96825date:2017-03-14T00:00:00
db:JVNDBid:JVNDB-2016-008167date:2017-04-27T00:00:00
db:CNNVDid:CNNVD-201703-577date:2017-03-16T00:00:00
db:NVDid:CVE-2016-8005date:2017-03-14T22:59:00.633